Businesses Survive Computer Assault

Employees Warned Against Destructive E-mail

A destructive new bug struck tens of thousands of computers Friday, prompting some companies to shut down their e-mail systems as the FBI launched an international investigation.

The brouhaha over the Worm.Explore.Zip bug spotlighted the growing importance of e-mail in the nation's commerce and communications-- and its vulnerability.

The unwanted "worm" bored through the defenses of some huge multinational players such as General Electric and Boeing, destroying valuable computer files. Still, most companies said they were only minimally affected.

In Chicago, the parent of Commonwealth Edison Co. shut down its e-mail system when the virus appeared on Thursday, and kept it down Friday, inconveniencing some 10,000 employees, according to Unicom Corp. spokesman Keith Bromery.

"At most companies like ours, e-mail is how people communicate," Bromery said. "You're finding a lot more use of the phones today. There's more faxing going on today. Normally you'd send an e-mail with an attachment."

As at other affected companies, systems experts at Unicom were working to eradicate the bug, which as of Friday had had no effect on customer service. As one employee put it, "Know where we can buy some worm poison?"

The Chicago Mercantile Exchange was among hundreds of organizations that upgraded anti-bug software and issued alerts to e-mail users.

The scare had an unsettling effect on Merc Chairman Scott Gordon. "You never know when you're going to be attacked," he said. "I get a tremendous amount of e-mail from all over the world. As we become more dependent on computers, we are more at risk from these malicious invaders. If you hadn't backed up stuff, what a disaster."

The FBI on Friday was reportedly tracing the source of the bug, which appeared earlier this week in Israel before spreading to a dozen countries.

The bug disguises itself as a friendly piece of e-mail, similar to the recent Melissa virus, which infected hundreds of thousands of machines.

But it's "much worse" than Melissa because it can leave behind a wide swath of deleted files, according to Carey Nachenberg, chief researcher at the Symantec AntiVirus Research Center. "This is actively trashing information. Some companies have definitely been hit very badly."

The bug works by masquerading as an e-mail message from a friend or acquaintance. "I received your e-mail and I shall send you a reply ASAP," it tells its victims. "Till then, take a look at the attached zipped docs."

Those who unwittingly open the attached files unleash the destructive program. The bug, which attacks only computers using Microsoft operating systems, also sends a copy of itself as a reply to any incoming e-mail.

Steeled by the Melissa experience earlier this spring, systems managers helped contain the damage from the latest bug by reacting swiftly.

Mike Pruyn, spokesman for AT&T in Chicago, had a close encounter with the bug when he received 50 unexpected e-mails. Because his company had issued warnings, he didn't open the booby trapped files, he said.

Deere & Co., the giant agricultural-equipment manufacturer in Moline, said it managed to contain the bug. "This virus has moved 1,500 different times through the company," a Deere spokesman said. "But only about a dozen computers actually had some damage."

At Lucent Technologies, which makes telecommunications equipment, strange messages began appearing on computers Thursday morning, according to spokesman John Skalko, who inadvertently activated Worm.Explore.Zip on his computer.

"That was enough. I lost all my (Microsoft Word) files," Skalko told the Associated Press. At least 20 to 30 other computers were stricken by the virus before Lucent technicians shut down the e-mail system and inoculated it.

The Quaker Oats Co., meantime, decided to shut down its e-mail system until Monday as a precaution. "This is standard protocol," a spokesman said. "This is just part of living in an electronic society."

Because of the way it works, Worm.Explore.Zip actually does not fit the technical definition of a computer virus.

Instead, software experts said, the bug should be classified as a "Trojan Horse"--a name borrowed from an ancient battle in which Greek soldiers hid inside a wooden horse to launch a surprise attack on the city of Troy.